Methods and systems for user opt-in to data privacy agreements

ABSTRACT

A method for controlling access to a user's personal information includes obtaining, from an application executing on a device of a user of the application, personal information about the user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and responsive to the user providing the required permission, providing the user with access to the at least one enhanced function of the application.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. Nonprovisional application Ser. No. 16/111,126, filed Aug. 23, 2018, which is a continuation of U.S. Nonprovisional application Ser. No. 15/587,748, filed May 5, 2017, which claims the benefit of and priority to U.S. Provisional Application Ser. No. 62/468,502, filed Mar. 8, 2017, the entire contents of which are incorporated by reference herein for all purposes.

BACKGROUND

Technical Field

The application generally relates to managing privacy of personal information on computer systems, and more particularly, in one aspect, to systems and methods for allowing users to opt-in to data sharing arrangements as part of data privacy agreements.

Background

Online services, as well as the mobile device apps that can be used to access those services, are ubiquitous, allowing users to socialize, bank, shop, navigate, and more. The convenience these services offer—including the personalized features and intuitive capabilities based on users' preferences and past activities—makes them nearly indispensable for many. Yet there is a tradeoff for such convenience: such services and applications must gather volumes of information about the user in order to be useful to the user.

Such information is gathered in at least two ways. First, the user may be prompted to input or otherwise provide the information, such as by typing his home address into a form, or by logging into an online banking program by providing her bank account information. Second, as the user interacts with the application and/or online, information about her activities or status may be collected automatically by the application. For example, a navigation application may determine and store the user's current or previous locations, and may identify patterns in the user's movements, such as by concluding that a location to which the user travels each weekday morning is his place of employment. Vast amounts of such information may be collected as the user moves through the digital world, including purchasing (and even browsing) history on ecommerce sites, social media activities and relationships, favorite websites, dining habits, and the like.

Because of the sensitivity of this personal information, many states and countries have enacted strict requirements for presenting users with a privacy policy detailing how the information will be used, and require that the user consent to the policy before collecting the information. Due to those requirements, users of applications that collect personal information are essentially presented with an ultimatum at the outset: either agree that the information may be collected and used by the application without compensation to the user (beyond the use of the application), or be denied access. Yet how can a user consent to something that is not adequately explained? Users often have no idea how their data is being used, because application privacy policies can be difficult to locate and impenetrable to read, often stuffed with legalese and dumped on a website. They are rarely read and even less frequently updated; ignored and promptly forgotten by user and application administrator alike.

Further compounding the problem, different jurisdictions require consent for different information and different uses for that information. For example, the forthcoming online data privacy law in the European Union imposes strict requirements on obtaining consent, using and sharing information, and destroying the information upon request (the “right to be forgotten”). Other jurisdictions are more lax. Thus, an identical application offered to two different users in different locations may be required to obtain different types of consent, or risk alienating or annoying some users by applying the strictest requirements to all users, asking for consent beyond what is necessary for that user.

Once collected, some personal data may be legally resold to third parties, including marketers, researchers, and the like, who may in turn use the information for their own uses. Such purchasers must trust the assurances of the collector of the personal information (e.g., the application providers) that the data is “clean”—i.e., that it was collected in accordance with the necessary consent and other requirements. If that trust turns out to be misplaced, however, the purchaser may be liable: data resellers often require indemnification from purchasers in the event the data was illegally collected or used along the way.

SUMMARY

This disclosure addresses the drawbacks of current data collection/privacy schemes by providing an improved, more transparent opt-in process. A “Privacy-as-a-Process” (PaaS) arrangement allows a component of an application (e.g., a mobile app), in conjunction with other components of a distributed system, to determine what information is to be collected from a user, how that information will be used, and what permissions are required from that user. A disclosure matrix is generated and populated, clearly explaining to the user in an organized, concise manner what information is to be collected and how it will be used. The user is given the option to receive additional details and explanation as to the information to be collected and the uses to which it will be put. The user can then provide or withhold informed consent for those uses. In some embodiments, the user may be allowed to selectively provide consent for different uses of different types of information.

In some embodiments, the user may be presented with certain offers in exchange for the user's consent to a proposed use of certain personal information. The offers may be in the form of credit or money, or may relate to features of the application itself. For example, a user may be offered premium access to certain features of a mobile app that are not accessible to other classes of users, such as “basic” members. To accept the offer, the user would consent to certain uses of the user's information (including, but not limited to, sale of the information to third parties). Alternatively, the user may decline the offer, choose to disallow such use of the information, and either use the basic features of the app or obtain premium access another way (such as by paying a monthly subscription for it). Multiple tiers of offers may be presented to the user, with the user receiving access to better features in exchange for agreeing to share more information and/or allow more or different uses of that information. For example, a user of an online music streaming app may be presented with the opportunity to obtain 5 credits (redeemable in the app for access to a premium service) in exchange for allowing the user's location to be shared with third parties, and may be presented with the opportunity to obtain 10 credits in exchange for allowing the user's location and listening habits to be shared.

According to one aspect, a method for controlling access to a user's personal information is provided. The method includes obtaining personal information about a user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and responsive to the user providing the required permission, providing the user with access to the at least one enhanced function of the application.

According to one embodiment, the at least one enhanced function of the application is functionality not available to at least one other group of users of the application. According to another embodiment, the at least one enhanced function of the application is a reduced number of commercial advertisements presented to the user in the application. According to another embodiment, the method includes presenting, to the user, a second offer to provide access to a second function of the application in exchange for a payment from the user; and responsive to the user making the payment, providing the user with access to the second function of the application.

According to yet another embodiment, the personal information includes at least one of user location, user name, user address, user background information, user age, user gender, user household income, user family or marital status, and user transactional history. According to another embodiment, the at least one proposed use of the personal information includes at least one of analytics, market research, market segmentation, and disclosure to third parties.

According to another embodiment, the method includes determining a value for the required permission from the user for at least one proposed use of the personal information; and generating the first offer based, at least in part, on the value for the required permission.

According to a further embodiment, the value is determined with reference to at least one of the type of the personal information and demographic information for the user. According to one embodiment, the method includes determining a second required permission from the user for a second at least one proposed use of the personal information; presenting, to the user, a second offer to provide access to a second at least one enhanced function of the application in exchange for the second required permission; and responsive to the user providing the second required permission, providing the user with access to the second at least one enhanced function of the application.

According to one embodiment, determining the required permission from the user for the at least one proposed use of the personal information is performed with reference to at least one of a current location of the user, a previous location of the user, and a residential location of the user. According to another embodiment, the application is a mobile application installed on a mobile device.

According to another aspect, a method for controlling access to a user's personal information is provided. The method includes obtaining personal information about a user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a plurality of offers to provide access to at least one function of the application, at least one first offer of the plurality of offers conditioned on the user providing the required permission; and responsive to the user accepting one of the plurality of offers, providing the user with access to the at least one function of the application.

According to one embodiment, the method includes presenting, to the user, at least one second offer to provide access to the at least one function of the application in exchange for a payment from the user; and responsive to the user making the payment, providing the user with access to the at least one function of the application.

According to another aspect, a system for controlling access to personal information is provided. The system includes an application component executed by a software application and configured to identify at least one piece of personal information proposed to be collected by the software application and at least one proposed use of the personal information, the at least one piece of personal information relating to a user of the software application; a permission component configured to identify a necessary permission to be obtained from the user for the at least one proposed use of the personal information; and a privacy display component configured to display to the user the at least one item of personal information about the user proposed to be collected by the application and the at least one proposed use of the personal information, and to receive from the user an indication relating to the necessary permission.

According to one embodiment, the permission component is configured to identify the necessary permission to be obtained from the user based on at least one of a current location of the user, a previous location of the user, and a residential location of the user. According to another embodiment, the privacy display component is configured to display the at least one item of personal information about the user proposed to be collected by the application in a display matrix, the at least one item of personal information being visually related to the at least one proposed use of the personal information. According to a further embodiment, the display matrix is presented to the user on a website. According to a further embodiment, the display matrix is presented to the user in the application.

According to another embodiment, the application component is configured to identify the at least one piece of personal information to be collected by the software application and the at least one proposed use of the personal information based on a privacy policy of the software application. According to yet another embodiment, the permission component comprises an offer database including a plurality of offers to be presented to the user, each offer being an offer of a benefit in exchange for the user providing the necessary permission. According to still another embodiment, the indication from the user is a gesture in the user interface.

According to another aspect, a method for controlling access to a user's personal information is provided. The method includes identifying at least one piece of personal information proposed to be collected by a software application, the at least one piece of personal information relating to a user of the software application; identifying at least one proposed use of the personal information; determining a necessary permission to be obtained from the user for the at least one proposed use of the personal information; displaying to the user the at least one item of personal information about the user proposed to be collected by the software application and the at least one proposed use of the personal information; and receiving from the user an indication relating to the necessary permission.

According to yet another aspect, a method for controlling access to a user's personal information is provided. The method includes obtaining, from an application executing on a device of a user of the application, personal information about the user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and responsive to the user providing the required permission, providing the user with access to the at least one enhanced function of the application.

According to one embodiment, the method includes determining a value for the required permission from the user for at least one proposed use of the personal information; and generating the first offer based, at least in part, on the value for the required permission. According to a further embodiment, the value is determined with reference to at least one of the type of the personal information and demographic information for the user.

According to another embodiment, the at least one enhanced function of the application is functionality not available to at least one other group of users of the application. According to yet another embodiment, the at least one enhanced function of the application is a reduced number of commercial advertisements presented to the user in the application. According to still another embodiment, the method includes presenting to the user, simultaneously with the first offer, a second offer to provide access to the at least one enhanced function of the application in exchange for a payment from the user; and, responsive to the user making the payment, providing the user with access to the at least one enhanced function of the application.

According to another embodiment, the method includes presenting, to the user, a second offer to provide access to a second function of the application in exchange for a payment from the user; and responsive to the user making the payment, providing the user with access to the second function of the application. According to yet another embodiment, the personal information includes at least one of user location, user name, user address, user background information, user age, user gender, user household income, user family or marital status, and user transactional history. According to still another embodiment, the at least one proposed use of the personal information includes at least one of analytics, market research, market segmentation, and disclosure to third parties.

According to yet another embodiment, the method includes determining a second required permission from the user for a second at least one proposed use of the personal information; presenting, to the user, a second offer to provide access to a second at least one enhanced function of the application in exchange for the second required permission; and responsive to the user providing the second required permission, providing the user with access to the second at least one enhanced function of the application. According to another embodiment, determining the required permission from the user for the at least one proposed use of the personal information is performed with reference to at least one of a current location of the user, a previous location of the user, and a residential location of the user.

According to another embodiment, the application is a mobile application installed on a mobile device. According to yet another embodiment, the method includes displaying at least one item of personal information about the user proposed to be collected by the application in a display matrix, the at least one item of personal information being visually related to the at least one proposed use of the personal information. According to a further embodiment, the display matrix is presented to the user on one of a website and the application.

According to another embodiment, the method includes identifying at least one piece of personal information to be collected by the application and the at least one proposed use of the personal information based on a privacy policy of the application.

According to another embodiment, the method includes receiving, from the user, an indication regarding the required permission via a user interface of the device. According to yet a further embodiment, the indication from the user is a gesture in the user interface.

Still other aspects, embodiments, and advantages of these exemplary aspects and embodiments are discussed in detail below. Embodiments disclosed herein may be combined with other embodiments in any manner consistent with at least one of the principles disclosed herein, and references to “an embodiment,” “some embodiments,” “an alternate embodiment,” “various embodiments,” “one embodiment,” or the like are not necessarily mutually exclusive and are intended to indicate that a particular feature, structure, or characteristic described may be included in at least one embodiment. The appearances of such terms herein are not necessarily all referring to the same embodiment.

BRIEF DESCRIPTION OF THE DRAWINGS

Various aspects of at least one embodiment are discussed below with reference to the accompanying figures, which are not intended to be drawn to scale. The figures are included to provide illustration and a further understanding of the various aspects and embodiments, and are incorporated in and constitute a part of this specification, but are not intended as a definition of the limits of the invention. In the figures, each identical or nearly identical component that is illustrated in various figures is represented by a like numeral. For purposes of clarity, not every component may be labeled in every figure. In the figures:

FIG. 1 is a block diagram of a computer system for controlling access to personal information according to some embodiments;

FIG. 2 is a block diagram of an application component of a computer system for controlling access to personal information according to some embodiments;

FIG. 3 is a block diagram of a permission component of a computer system for controlling access to personal information according to some embodiments;

FIG. 4 is an exemplary user interface according to some embodiments;

FIG. 5 is a flow diagram of one example process for controlling access to a user's information according to some embodiments;

FIG. 6 is an exemplary user interface according to some embodiments; and

FIG. 7 is a block diagram of one example of a computer system on which aspects and embodiments of this disclosure may be implemented.

DETAILED DESCRIPTION

It is to be appreciated that embodiments of the methods and apparatuses discussed herein are not limited in application to the details of construction and the arrangement of components set forth in the following description or illustrated in the accompanying drawings. The methods and apparatuses are capable of implementation in other embodiments and of being practiced or of being carried out in various ways. Examples of specific implementations are provided herein for illustrative purposes only and are not intended to be limiting. Also, the phraseology and terminology used herein is for the purpose of description and should not be regarded as limiting. The use herein of “including,” “comprising,” “having,” “containing,” “involving,” and variations thereof is meant to encompass the items listed thereafter and equivalents thereof as well as additional items. References to “or” may be construed as inclusive so that any terms described using “or” may indicate any of a single, more than one, and all of the described terms. Any references to front and back, left and right, top and bottom, upper and lower, and vertical and horizontal are intended for convenience of description, not to limit the present systems and methods or their components to any one positional or spatial orientation.

FIG. 1 is a block diagram of a system 100 configured to perform methods of soliciting user opt-in to data privacy agreements. The system 100 includes an application component 110 configured to execute on a user device 102, such as the user's mobile device, laptop computer, or other computing device 102. The application component 110 is configured to identify one or more pieces of personal information to be collected by the application, as well as one or more intended uses of that personal information.

Information about the personal information to be collected and the intended uses is provided to a permission component 120, which is configured to identify a necessary permission to be obtained from the user for the at least one proposed use of the information. The permission component 120 may preferably be a separate component (e.g., a server) operated by a sysadmin of the system 100, or may instead be a part of the application component 110. The permission component 120 may identify the necessary permission to be obtained with reference to one or more sources, such as the laws or regulations of the jurisdiction in which the user is located, a policy set by the sysadmin of the system 100 or by the offeror of the application in which the application component 110 is located, or otherwise. For example, the permission component 120 may determine that a particular user must opt-in (i.e., consent) to a particular use of a particular piece of information (e.g., providing the user's zip code and email address to a third party) before such a use can be made, but need not provide consent for another use of such information (e.g., market research by the offeror of the app itself).

The permission component 120 populates the privacy display component 130 with information about the type of personal information collected and the proposed use of the personal information so that the user can review and/or opt-in to the proposed uses as necessary. In a preferred embodiment, the permission component 120 may be provided on a website, and the application component 110 and/or the application itself may provide a link to the website or otherwise direct the user to the information, such as in a browser of the user device 102. In a preferred embodiment, the user's personal information and proposed uses thereof may be presented in a disclosure matrix, with the user being provided the opportunity in the disclosure matrix to opt-in or opt-out of the proposed use as necessary.

As used herein the term “personal information” refers to information about the user device 102 and/or any users associated with the user device 102. “Personal information” may include, but is not limited to, personally-identifiable information (PII) that can potentially identify an individual. Such personal information may include, for example, the user's name, age, address, phone number, email address, online user ID/handle, date of birth, account number, bank card number, frequent flyer number, and social security number (SSN) or other government-issued identification number. Other personal information may include a user's password; transaction history; a log of online activity, such as websites browsed, search engine activity, ecommerce items viewed, social media interactions, streaming music or video activity; and identifiers of friends or relations. The personal information may further include demographic information about the user, including age group, race/ethnicity, country of citizenship or origin, occupation, income bracket, political affiliations, religious affiliations, hobbies, or interests. The personal information may further include identifiers of the user device 102, such as the IP address, MAC address, operating system version, or other information.

The personal information may be intended or desired to be used in a variety of ways, either by entities associated with the application (e.g., the application creator or offeror) or by third parties to whom the personal information may be sold, leased, or exchanged, either in its entirety or in modified form, such as in anonymized or partially-anonymized form. The personal information may be segmented and/or aggregated with other personal information and used for a variety of ends, including analytics, market research, market segmentation, and media targeting. Arrangements for providing the personal information to third parties should also be considered “uses” unto themselves for purposes of this disclosure.

FIG. 2 shows an application component 110 according to some embodiments. The application component 110 includes an executable component 210, a data store 220, and a network interface 240. The executable component 210 executes one or more instructions to identify the type of personal information to be collected, and the proposed use of the information. In some embodiments, the executable component 210 may be implemented as a Software Development Kit (SDK) within the application, the SDK collecting data from the application to determine what personal information is to be collected and what use is proposed for the personal information. The executable component 210 may be called by the application executable itself, or may be actively provided the personal information types and uses. The executable component 210 may also actively obtain the personal information types and uses by interacting with the application via an Application Programming Interface (API), or by library interposition, network interposition, or other techniques. The executable component 210 may interact with the application via the application interface 230.

The data store 220 may store the personal information types and uses, or identifiers thereof, as well as any relevant user information, including but not limited to a user identifier, the user's age, location, citizenship, privacy preferences, and the like. The data store 220 may store such information in association with one or more users for which those types and uses are relevant. The data store 220 may also store metadata about the opt-in process itself, such as what disclosures were presented to the user, the time/date when the user opted in, etc. Such metadata may be used to filter what data is used in certain ways. For example, some third parties may wish to obtain only data collected under certain conditions, or meeting certain levels of compliance with jurisdictional requirements. The personal information types and uses may be provided to other components of the system 200 (e.g., the permission component 120) by the application component 110 via the network interface 240. In some embodiments, the application component 110 may communicate with other components of the system 200 using a network interface provided by the application, or by the user device 102 generally. In such embodiments, the network interface 240 may not be included in the application component 110.
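As an added example of the opt-in metadata the data store 220 is described as holding, and of the filtering a third party might apply when it wants only data gathered under particular conditions (here: a given jurisdiction, a minimum disclosure version, and a cut-off date), the following Python is not the patent's code. The record layout, the dotted version scheme, and the sample records are constructed for this illustration. The SHA-256 digest over a canonical serialisation is an addition a practitioner would want so a record handed to a data purchaser can be checked for tampering; the disclosure does not describe it.

```python
# Added example (not from the patent): consent metadata records and a
# filter over them by the conditions under which consent was collected.
# Field names, version scheme and sample records are constructed.
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class ConsentRecord:
    user_id: str
    jurisdiction: str        # where the user was when consenting (constructed codes)
    disclosure_version: str  # which version of the disclosure matrix was shown
    opted_in_at: str         # ISO 8601 timestamp with UTC offset
    granted: tuple           # sorted (data_type, use) pairs the user opted in to

    def digest(self) -> str:
        # Tamper-evident fingerprint over a canonical JSON form, so the same
        # record always hashes the same and any edited field changes the hash.
        canonical = json.dumps(asdict(self), sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def record_consent(user_id: str, jurisdiction: str, disclosure_version: str,
                   granted, when: Optional[datetime] = None) -> ConsentRecord:
    """Build the record stored when the user opts in through the disclosure matrix."""
    when = when or datetime.now(timezone.utc)
    return ConsentRecord(user_id, jurisdiction, disclosure_version,
                         when.isoformat(), tuple(sorted(granted)))


def version_key(v: str) -> tuple:
    # "1.10" must sort after "1.9", so compare numerically component-wise.
    return tuple(int(p) for p in v.split("."))


def eligible_users(records: List[ConsentRecord], data_type: str, use: str,
                   jurisdictions: Optional[set] = None,
                   min_disclosure_version: Optional[str] = None,
                   consented_after: Optional[datetime] = None) -> List[str]:
    """User IDs whose recorded consent covers (data_type, use) under the given conditions."""
    out = []
    for r in records:
        if (data_type, use) not in r.granted:
            continue  # never consented to this use at all
        if jurisdictions is not None and r.jurisdiction not in jurisdictions:
            continue  # purchaser wants only consent collected in these jurisdictions
        if (min_disclosure_version is not None
                and version_key(r.disclosure_version) < version_key(min_disclosure_version)):
            continue  # consent was given to an older disclosure than required
        if (consented_after is not None
                and datetime.fromisoformat(r.opted_in_at) <= consented_after):
            continue  # consent predates the purchaser's cut-off
        out.append(r.user_id)
    return out
```

The timestamps are stored timezone-aware so that a cut-off comparison cannot be thrown off by device-local clocks, and `granted` is normalised to a sorted tuple so two records with the same content always produce the same digest.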

FIG. 3 shows a permission component 120 according to some embodiments. The permission component 120 includes a network interface 350 configured to receive, from the application component 110, information about the personal information types and uses, as well as user information. The permission component 120 further includes a processor 310 configured to determine what permissions are necessary for the personal information types and proposed uses identified by the application component 110. The processor 310 makes such a determination with reference to a rules database 320. The rules database 320 may include a set of rules regarding what level of opt-in, if any, is required for certain uses of certain types of personal information. By applying one or more rules from the rules database 320 to the personal information types and uses received from the application component 110, the permission component 120 can determine what permission is presently required from the user of the application.

The rules database 320 may include different rules for a single type of use based on one or more aspects of the user's information or characteristics, including the user's location, citizenship, age, privacy preferences, and the like. For example, providing location information to a third party may be a type of use for which no permission is required from an adult user, but for which opt-in must be sought from juvenile users (e.g., less than 18 years of age). The rules database 320 may encode the privacy rules of one or more jurisdictions, and may be applied as part of a hierarchy or decision tree. For example, if it is determined that the user is located in the European Union, a different branch of process flow for applying rules from the rules database 320 may be applied. The user's information, the personal information types and uses, the necessary permissions (determined, for example, with reference to rules database 320), and other information may be stored in a data warehouse 340.

It will be appreciated that the rules applied by the rules database 320 may not be legally or contractually mandated rules, but rather may be policies, guidelines, best practices, or privacy preferences set by the user, the application offeror, or the sysadmin of system 200. In one example, the user may set certain privacy preferences that require the user's opt-in for certain uses of personal information where such opt-in would not otherwise be required or sought.

In some embodiments, the permission component 120 includes an offer database 330. As discussed in more detail below, the offer database 330 may include one or more offers of compensation in exchange for the user's opt-in to certain uses of information. Such compensation may include benefits relating to the application itself, including credits for additional features, services, or benefits, or enhanced or “premium” subscription levels. The processor 310 may identify necessary opt-ins for particular uses of information for a particular user, and may locate in the offer database 330 one or more offers relevant or responsive to the user agreeing to opt-in.
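One way to implement what the three preceding paragraphs describe for FIG. 3 (the processor 310 applying the rules database 320 as a priority-ordered decision tree that branches on jurisdiction and age, user-set preferences layered on top, and the lookup of matching offers in the offer database 330), and the jurisdiction-dependent determination described for FIG. 1 above, as an added example in Python. This is not the patent's code: the rule set, jurisdiction codes, data-type and use names, and credit amounts are constructed for illustration and encode no actual statute.

```python
# Added example (not from the patent): rule evaluation for the permission
# component of FIG. 3. Rules, jurisdiction codes, type/use names and offers
# below are constructed for illustration only.
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Permission(IntEnum):
    # Ordered by strictness so that max() selects the stricter outcome.
    NONE = 0        # use may proceed without asking
    OPT_IN = 1      # explicit consent required before the use
    PROHIBITED = 2  # use may not be made regardless of consent


@dataclass(frozen=True)
class User:
    user_id: str
    jurisdiction: str                      # e.g. "EU", "US" (constructed codes)
    age: int
    opt_in_always: frozenset = frozenset()  # (data_type, use) pairs the user says "always ask"


@dataclass(frozen=True)
class Rule:
    permission: Permission
    data_type: Optional[str] = None     # None matches any data type
    use: Optional[str] = None           # None matches any use
    jurisdiction: Optional[str] = None  # None matches any jurisdiction
    under_age: Optional[int] = None     # applies only when user.age < under_age
    priority: int = 0                   # higher priority outranks lower

    def matches(self, data_type: str, use: str, user: User) -> bool:
        return (self.data_type in (None, data_type)
                and self.use in (None, use)
                and self.jurisdiction in (None, user.jurisdiction)
                and (self.under_age is None or user.age < self.under_age))


# Constructed rules database 320. Priority is the "hierarchy or decision tree":
# the jurisdiction branch (EU) and the juvenile rule outrank the generic defaults.
RULES: List[Rule] = [
    Rule(Permission.NONE, use="market_research"),
    Rule(Permission.NONE, data_type="location", use="third_party"),
    Rule(Permission.OPT_IN, data_type="location", use="third_party", under_age=18, priority=10),
    Rule(Permission.OPT_IN, use="third_party", jurisdiction="EU", priority=20),
    Rule(Permission.PROHIBITED, data_type="ssn", use="third_party", priority=100),
]

# Constructed offer database 330: benefit offered for opting in to a (data_type, use).
OFFERS: Dict[Tuple[str, str], str] = {
    ("location", "third_party"): "5 credits",
    ("listening_habits", "third_party"): "10 credits",
}


def required_permission(data_type: str, use: str, user: User) -> Permission:
    """What the user must do before `use` may be made of `data_type`."""
    matching = [r for r in RULES if r.matches(data_type, use, user)]
    if not matching:
        # Fail closed: a (data_type, use) pair no rule covers always needs consent.
        decision = Permission.OPT_IN
    else:
        top = max(r.priority for r in matching)
        # Among rules of the winning priority, the stricter permission wins.
        decision = max(r.permission for r in matching if r.priority == top)
    # User preferences may tighten the result but never loosen it, and can
    # never turn a prohibited use into a permitted one.
    if decision == Permission.NONE and (data_type, use) in user.opt_in_always:
        decision = Permission.OPT_IN
    return decision


def offers_for(user: User, proposed: List[Tuple[str, str]]) -> Dict[Tuple[str, str], str]:
    """Offers worth presenting: only for uses that need opt-in and may lawfully receive it."""
    out = {}
    for data_type, use in proposed:
        if required_permission(data_type, use, user) == Permission.OPT_IN:
            benefit = OFFERS.get((data_type, use))
            if benefit is not None:
                out[(data_type, use)] = benefit
    return out
```

Two choices matter for a real deployment. A pair that no rule covers is treated as requiring opt-in rather than as permitted, so a gap in the rules database fails closed; and a user's own preferences can raise the required permission but never lower it, so a client that reports relaxed preferences gains nothing. Keeping this evaluation in a server-side permission component 120 rather than in the application component 110 on the user device 102 means a tampered app cannot grant itself a permission the rules do not allow, and a prohibited use never produces an offer, so no benefit is dangled for consent that would be meaningless.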

The permission component 120 also includes a network interface 350 configured to communicate with the privacy display component 130. Referring again to FIG. 1, the permission component 120 causes the privacy display component 130 to generate a display for the user showing the personal information types and the uses the application proposes to make of the information. The privacy display component 130 may also provide the user the opportunity to provide the necessary opt-ins or receive more information about the proposed uses. In some embodiments, the privacy display component 130 is configured to display the personal information use and opt-in information in a “disclosure matrix.”

In some embodiments, the disclosure matrix may summarize or otherwise reflect the official privacy policy set by the maker of the app, which may be a traditional legal document in the form of an agreement or waiver. The terms of the privacy policy may be summarized by a human being to create the disclosure matrix, or the disclosure matrix may be generated from the privacy policy by an automated computer process configured to parse the privacy policy. In some embodiments, important terms or elements of the privacy policy may be flagged by a human to facilitate such an automatic process. In still other embodiments, the disclosure matrix itself, either alone or in conjunction with other documents, may serve as the legally operative privacy policy.

FIG. 4 shows an exemplary disclosure matrix 400 according to some embodiments. The disclosure matrix 400 includes a general region 410, a disclosure region 420, and a resource region 430. The general region 410 includes metadata or other information about the disclosure matrix 400 itself or an underlying privacy policy. For example, the dates on which the disclosure matrix 400 was created and most recently updated may be indicated in text boxes 412 and 414, respectively. An identifier of the app, such as the app name or an identifier of the app's creator, and the name of the operative document (e.g., “consumer privacy policy”) are indicated in text box 416.

The disclosure region 420 includes columns 422-428 that disclose what information is being collected, describe the information at some level of detail, state how the information will be used, and indicate whether third parties will receive the information. In particular, columns 422 and 424 disclose the general categories and specific types of personal information to be collected by the app. Such categories may include basic data about the user or the device on which the app is operating; location data derived from the device or other information gleaned about the user's location; behavioral data describing the user's activities within or related to the app; and transactional data describing the user's purchasing activities within or related to the app.

Column 426 identifies one or more proposed uses to be made of the personal information collected by the app and described in the corresponding location in columns 422, 424. Such uses may include analytics (e.g., metrics detailing how users interact with the app), marketing segmentation, or market research. Column 428 identifies whether the uses contemplated in column 426 include disclosing the information to any third parties. In the illustrated embodiment, the disclosure matrix 400 simply indicates whether or not information will be disclosed to any third parties. In other embodiments, the identity of the third parties may be provided. The user may be given the opportunity to select or block one or more third parties from receiving the information.

Resource region 430 provides the user with access to additional detail regarding the personal information and its intended uses. For example, links may be provided to definitions for the types of information and proposed uses identified in columns 424 and 426. By clicking and/or hovering over the links, definitions and additional detail may be provided. In some embodiments, the resource region 430 is not separate from the disclosure region 420. For example, in column 426, the word “Analytics” may appear as a hyperlink; clicking or hovering over it may cause the definition of “Analytics” to appear.

In some embodiments, the application component 110 is configured to receive the user's opt-in directly in the application itself. In other embodiments, the disclosure matrix 400 may also include one or more user interface elements (not shown), including buttons, text boxes, radio buttons, or pull-down menus, allowing the user to interact with the disclosure matrix 400 by opting-in (or not) to a particular use of a particular type of information. For example, the disclosure matrix 400 may include an “Agree” button the user can click to agree to the proposed uses of the personal information set out in the disclosure region 420. In another example, each row of personal information in the disclosure region 420 may be associated with such an element, so that the user may opt-in (or not) to each individual use.

In some embodiments, as described above, the application component 110, the permission component 120, and the privacy display component 130 are arranged in a distributed manner. In one example, the application component 110 executes on the user device 102 (e.g., a smartphone); the permission component 120 executes on a server or other system remote from the application component 110; and the privacy display component 130 presents information (e.g., as a website) on a system remote from the application component 110. The privacy display component 130 may reside on the same system as the permission component 120, or may reside remotely from both the application component 110 and the permission component 120.

Such a distributed arrangement offers an improvement over known systems. For example, by hosting the privacy display component 130 remotely from the application component 110, the system allows an entity operating the application component 110 to display the privacy policy information in a standardized format that can be changed by the entity or the user.

As another example, the use of a permission component 120 remote from the application component 110 allows permission rules and requirements to be updated (due to changed user preferences, changes in the law, or otherwise) without requiring changes to the application component 110 running on the user device 102. Such updates to an application typically interrupt use of the application, and require the user to agree to the updates. A user who declines to install such an update may have his/her personal information collected under an out-of-date permission scheme, thereby making the collection out of compliance. The use of the current system avoids such problems by allowing updates to be made to the rules executed by the permission component 120 without disruption to the user.

According to another aspect, the user may be presented with one or more offers relating to the app in exchange for opting-in to certain uses of the user's personal information by the app or third parties. For example, the user may be offered, at no monetary cost, access to a premium subscription or enhanced functionality of the app that would otherwise cost money. In exchange for accepting this benefit, the user may be required to opt-in to a particular use of the user's personal information. To continue the example, the user may also be presented with another offer to pay money for the same premium benefits, or may be offered a lesser benefit in exchange for a different kind of use of the user's personal information, such as analytics by the app provider instead of the information being provided to a third party.

FIG. 5 illustrates a method 500 for controlling access to a user's personal information according to some embodiments.

At step 510, method 500 begins.

At step 520, personal information about a user of an application is obtained. In some embodiments, a proposed use for the information is also determined. For example, the personal information may include the user's name and address, and the application may propose to use the information by selling it to a third party. The application may actively provide the information to a system component (e.g., the executable component 210 discussed above), or the personal information may be obtained by a process interacting with the application via an Application Programming Interface (API), or by library interposition, network interposition, or other techniques.

At step 530, a required permission from the user is determined for at least one proposed use of the personal information. A database may be referenced to determine whether the user's consent is required for a proposed use of a particular type of personal information. Different rules may be provided for a single type of use based on one or more aspects of the user's information or characteristics of the user, including the user's location, citizenship, age, privacy preferences, and the like. The privacy rules of one or more jurisdictions may be stored and applied as part of a hierarchy or decision tree. For example, one set of rules may be applied for a user in a particular jurisdiction, and a different set of rules may be applied for a second user in a second jurisdiction. The permissions required may not be legally or contractually mandated, but rather may be policies, guidelines, best practices, or privacy preferences set by the user, the application offeror, or a system administrator.

At step 540, a first offer is presented to the user to provide access to at least one enhanced function of the application in exchange for the required permission. For example, the user may be presented with one or more offers relating to the app in exchange for opting-in to certain uses of the user's personal information by the app or third parties. In one example, the offer may include access to a premium or enhanced feature of the app. For example, certain features of the app may be “unlocked” or otherwise made available. Such features may otherwise only be available in exchange for monetary payment by the user, or may be unavailable altogether apart from opting-in to the offer. In another example, the offer may be for a premium subscription level, or may be an offer for any level of subscription that would otherwise require a one-time or recurring payment. In still another example, the offer may be for a number of “credits” or other currency for use in or in connection with the app. For example, a user of a music download app, in which songs must otherwise be purchased using a credit card or other traditional payment method, may be offered credits that may be redeemed to obtain songs. In still another example, the offer may be for monetary compensation or the equivalent (e.g., a debit card or gift card).

Various terms for controlling the use of the information may be offered. For example, a user may be offered a benefit for a limited amount of time (e.g., a month-long premium subscription), or may be offered a benefit for unlimited use of the information. In some embodiments, the offer may include a term giving the user the opportunity to opt-out of the offer at certain times, possibly losing the benefit and withdrawing consent to the use of the information.

One or more offers may be presented to the user sequentially or simultaneously. In some embodiments, the offers may relate to each other in some aspect, such as by offering different benefits in exchange for the same use of certain personal information, or, conversely, by offering the same benefit in exchange for using different pieces of personal information. In some embodiments, offers may be selected for presentation to the user based on the user's personal information or other information or characteristics of the user. For example, the personal information of a user in a certain demographic (e.g., a particular age range, household or personal income range, geographic location, etc.) may be of particular interest to marketers. To entice that desirable user to agree to allow such third parties to use the user's personal information, the user may be presented with a more valuable offer than other users. For example, the desirable user may be offered 20 credits in exchange for a particular use of the user's information, whereas other users of lesser interest may be offered only 15 credits.

Offers may also be presented to users based on the user's known offer preferences, either with respect to the current app or other settings. For example, if a user has repeatedly accepted, from among a number of offers, an offer for a month's worth of a premium subscription in exchange for allowing the use of the user's in-app behavior, that user may be initially presented with a similar offer at the next opportunity. In some embodiments, the user's past preferences with offers may determine, at least in part, the terms of a current offer. For example, if a user has consistently agreed to certain uses of certain personal information in exchange for premium access, the user may be offered the same premium access in exchange for additional uses of the personal information, or uses of additional or different personal information. In this incremental manner, the true value of the user's opt-in can be estimated.

In some embodiments, an offer market may be established or referred to, with the potential offers to be presented to users adjusted periodically based on interest in and/or acceptance of the offer by users. For example, if an offer of 20 credits in exchange for use of a user's personal information is accepted by a very high percentage of users, that may indicate that the offer is higher than necessary. In that case, the number of credits offered may be reduced, or the amount of information to be used, or the types of uses, may be increased or otherwise changed.

In some embodiments, two or more offers may be presented simultaneously via a user interface, for example, on the user's mobile device. FIG. 6 shows a screenshot of an exemplary user interface 600 according to some embodiments. In this view, the user is presented with two offers 610 and 620. The first offer 610 offers the user access to a “basic version” of the app in exchange for allowing use of the user's location and gender. The second offer 620 offers the user access to a “premium version” of the app in exchange for allowing use of the user's location, gender, age, and income. The user may select the first offer 610 or second offer 620 by interacting with user interface elements, such as the buttons 612, 622, respectively, or clicking the offers themselves. In some embodiments, the offers may be swipeable, or otherwise interacted with to indicate whether the user is interested in the offer. For example, the user may “swipe away” the first offer, causing another offer to be displayed in its place. Information about what offers the user is interested in may be used to iteratively refine the selection of offers for the user.

Returning again to FIG. 5, at step 550, the user is provided with access to the at least one enhanced function of the application responsive to the user providing the required permission. The user may be automatically granted the access immediately, or may be provided with a promo or authorization code that can be entered within the app to access the enhanced functionality. At step 560, method 500 ends.
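Steps 520 through 550 above, together with the rules database 320 decision tree and the offer database 330 described earlier, as an added Python example that is not code from the patent: the jurisdiction codes, rule entries, offers and user records are constructed placeholders, and the `may_use` check is this example's own addition showing where a collecting application would gate each use of the data on recorded consent rather than on a blanket “Agree”.

```python
# Consent gating for method 500 (steps 520-550) with a rules database 320
# decision tree and an offer database 330.  Added example, not the patent's
# code: the jurisdiction codes, rules, offers and user records are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set, Tuple, Union

@dataclass(frozen=True)
class DisclosureRow:
    """One row of the disclosure matrix 400 (columns 422-428)."""
    category: str       # column 422, e.g. "location"
    data_type: str      # column 424, e.g. "gps_coordinates"
    use: str            # column 426, e.g. "analytics"
    third_party: bool   # column 428

@dataclass
class User:
    user_id: str
    age: int
    jurisdiction: str                                   # constructed codes "EU", "US"
    opt_in_required_uses: FrozenSet[str] = frozenset()  # user preference, tightens only
    consents: Set[Tuple[str, str]] = field(default_factory=set)  # granted (type, use)
    unlocked: Set[str] = field(default_factory=set)     # enhanced functions granted

def use_key(row: DisclosureRow) -> str:
    """Third-party disclosure (column 428) is treated as its own, stricter use."""
    return "third_party" if row.third_party else row.use

# Rules database 320 as a decision tree: jurisdiction branch -> use -> rule, where a
# rule is "none", "opt_in", or a callable deciding per user (here: by age).
RULES: Dict[str, Dict[str, Union[str, Callable[[User], str]]]] = {
    "EU": {"analytics": "opt_in", "market_research": "opt_in", "third_party": "opt_in"},
    "US": {"analytics": "none", "market_research": "none",
           "third_party": lambda u: "opt_in" if u.age < 18 else "none"},
}

def required_permission(user: User, row: DisclosureRow) -> str:
    """Step 530: return "none" or "opt_in" for this user and proposed use."""
    branch = RULES.get(user.jurisdiction, {})   # unknown jurisdiction: empty branch
    rule = branch.get(use_key(row), "opt_in")   # no rule: most protective choice
    if callable(rule):
        rule = rule(user)
    # A user-set preference may require opt-in where the rules alone would not.
    if use_key(row) in user.opt_in_required_uses or row.use in user.opt_in_required_uses:
        rule = "opt_in"
    return rule

@dataclass(frozen=True)
class Offer:
    """Offer database 330 entry: an enhanced function for a set of opt-ins."""
    offer_id: str
    enhanced_function: str
    requires: FrozenSet[Tuple[str, str]]

OFFERS: List[Offer] = [
    Offer("basic", "basic_version", frozenset({("gps_coordinates", "analytics")})),
    Offer("premium", "premium_version", frozenset({("gps_coordinates", "analytics"),
                                                   ("household_income", "third_party")})),
]

def offers_for(user: User, rows: List[DisclosureRow]) -> List[Offer]:
    """Step 540: present only offers that obtain an opt-in this user actually owes."""
    needed = {(r.data_type, use_key(r)) for r in rows if required_permission(user, r) == "opt_in"}
    return [o for o in OFFERS if o.requires & needed]

def accept_offer(user: User, offer: Offer) -> None:
    """Step 550: record consent per (type, use) pair, then unlock the function."""
    user.consents |= offer.requires
    user.unlocked.add(offer.enhanced_function)

def withdraw(user: User, offer: Offer) -> None:
    """Opt-out term: consent is withdrawn and the benefit is lost together."""
    user.consents -= offer.requires
    user.unlocked.discard(offer.enhanced_function)

def may_use(user: User, row: DisclosureRow) -> bool:
    """Enforcement point: the application calls this before every use of the data."""
    return (required_permission(user, row) == "none"
            or (row.data_type, use_key(row)) in user.consents)

def run_scenario() -> Dict[str, Dict[str, list]]:
    """Constructed walk-through: an EU adult, a US minor, and a US adult with a preference."""
    rows = [DisclosureRow("location", "gps_coordinates", "analytics", False),
            DisclosureRow("basic", "household_income", "market_research", True)]
    users = [User("u1", 34, "EU"), User("u2", 16, "US"),
             User("u3", 40, "US", opt_in_required_uses=frozenset({"analytics"}))]
    out = {u.user_id: {"required": [required_permission(u, r) for r in rows],
                       "offers": [o.offer_id for o in offers_for(u, rows)],
                       "before": [may_use(u, r) for r in rows]} for u in users}
    eu_adult = users[0]
    accept_offer(eu_adult, OFFERS[1])              # accepts the premium offer
    out["u1"]["after_accept"] = [may_use(eu_adult, r) for r in rows]
    out["u1"]["unlocked"] = sorted(eu_adult.unlocked)
    withdraw(eu_adult, OFFERS[1])                  # later opts out again
    out["u1"]["after_withdraw"] = [may_use(eu_adult, r) for r in rows]
    return out
```

Because consent is keyed per (type, use) pair and re-checked at every use, withdrawing an offer revokes exactly the uses it bought, and an unknown jurisdiction or an unlisted use defaults to requiring opt-in.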

FIG. 7 is a block diagram of a distributed computer system 700, in which various aspects and functions discussed above may be practiced. The distributed computer system 700 may include one or more computer systems. For example, as illustrated, the distributed computer system 700 includes three computer systems 702, 704 and 706. As shown, the computer systems 702, 704 and 706 are interconnected by, and may exchange data through, a communication network 708. The network 708 may include any communication network through which computer systems may exchange data. To exchange data via the network 708, the computer systems 702, 704, and 706 and the network 708 may use various methods, protocols and standards including, among others, token ring, Ethernet, Wireless Ethernet, Bluetooth, radio signaling, infra-red signaling, TCP/IP, UDP, HTTP, FTP, SNMP, SMS, MMS, SS7, JSON, XML, REST, SOAP, CORBA IIOP, RMI, DCOM and Web Services.

According to some embodiments, the functions and operations discussed for producing a three-dimensional synthetic viewpoint can be executed on computer systems 702, 704 and 706 individually and/or in combination. For example, the computer systems 702, 704, and 706 support participation in a collaborative network. In one alternative, a single computer system (e.g., 702) can generate the three-dimensional synthetic viewpoint. The computer systems 702, 704 and 706 may include personal computing devices such as cellular telephones, smart phones, tablets, “fablets,” etc., and may also include desktop computers, laptop computers, etc.

Various aspects and functions in accord with embodiments discussed herein may be implemented as specialized hardware or software executing in one or more computer systems including the computer systems shown in FIGS. 1-3. In one embodiment, computer system 702 is a personal computing device specially configured to execute the processes and/or operations discussed above. As depicted, the computer system 702 includes at least one processor 710 (e.g., a single core or a multi-core processor), a memory 712, a bus 714, input/output interfaces (e.g., 716) and storage 718. The processor 710, which may include one or more microprocessors or other types of controllers, can perform a series of instructions that manipulate data. As shown, the processor 710 is connected to other system components, including a memory 712, by an interconnection element (e.g., the bus 714).

The memory 712 and/or storage 718 may be used for storing programs and data during operation of the computer system 702. For example, the memory 712 may be a relatively high performance, volatile, random access memory such as a dynamic random access memory (DRAM) or static memory (SRAM). In addition, the memory 712 may include any device for storing data, such as a disk drive or other non-volatile storage device, such as flash memory, solid state, or phase-change memory (PCM). In further embodiments, the functions and operations discussed with respect to generating and/or rendering synthetic three-dimensional views can be embodied in an application that is executed on the computer system 702 from the memory 712 and/or the storage 718. For example, the application can be made available through an “app store” for download and/or purchase. Once installed or made available for execution, computer system 702 can be specially configured to execute the functions associated with producing synthetic three-dimensional views.

Computer system 702 also includes one or more interfaces 716 such as input devices (e.g., camera for capturing images), output devices and combination input/output devices. The interfaces 716 may receive input, provide output, or both. The storage 718 may include a computer-readable and computer-writeable nonvolatile storage medium in which instructions are stored that define a program to be executed by the processor. The storage system 718 also may include information that is recorded, on or in, the medium, and this information may be processed by the application. A medium that can be used with various embodiments may include, for example, optical disk, magnetic disk or flash memory, SSD, among others. Further, aspects and embodiments are not limited to a particular memory system or storage system.

In some embodiments, the computer system 702 may include an operating system that manages at least a portion of the hardware components (e.g., input/output devices, touch screens, cameras, etc.) included in computer system 702. One or more processors or controllers, such as processor 710, may execute an operating system which may be, among others, a Windows-based operating system (e.g., Windows NT, ME, XP, Vista, 7, 8, or RT) available from the Microsoft Corporation, an operating system available from Apple Computer (e.g., MAC OS, including System X), one of many Linux-based operating system distributions (for example, the Enterprise Linux operating system available from Red Hat Inc.), a Solaris operating system available from Oracle Corporation, or a UNIX operating system available from various sources. Many other operating systems may be used, including operating systems designed for personal computing devices (e.g., iOS, Android, etc.), and embodiments are not limited to any particular operating system.

The processor and operating system together define a computing platform on which applications (e.g., “apps” available from an “app store”) may be executed. Additionally, various functions for generating and manipulating images may be implemented in a non-programmed environment (for example, documents created in HTML, XML or other format that, when viewed in a window of a browser program, render aspects of a graphical-user interface or perform other functions). Further, various embodiments in accord with aspects of the present invention may be implemented as programmed or non-programmed components, or any combination thereof. Various embodiments may be implemented in part as MATLAB functions, scripts, and/or batch jobs. Thus, the invention is not limited to a specific programming language and any suitable programming language could also be used.

Although the computer system 702 is shown by way of example as one type of computer system upon which various functions for producing three-dimensional synthetic views may be practiced, aspects and embodiments are not limited to being implemented on the computer system shown in FIG. 7. Various aspects and functions may be practiced on one or more computers or similar devices having different architectures or components than that shown in FIG. 7.

Having described above several aspects of at least one embodiment, it is to be appreciated that various alterations, modifications, and improvements will readily occur to those skilled in the art. Such alterations, modifications, and improvements are intended to be part of this disclosure and are intended to be within the scope of the invention. Accordingly, the foregoing description and drawings are by way of example only, and the scope of the invention should be determined from proper construction of the appended claims, and their equivalents.

What is claimed is:
 1. A system for managing use of a personal information about a user, comprising: an application component operable by the user on a user device, wherein the application component identifies at least one of (i) a type of personal information to be collected or (ii) an intended use of the personal information to be collected; a permission component informationally coupled to the application component, wherein the permission component identifies a permission required from the user to (i) collect the personal information or (ii) enact the intended use of the personal information; and a privacy component informationally coupled to the permission component, wherein the privacy component presents a disclosure to the user that includes at least one of (i) the type of personal information to be collected or (ii) the intended use of the personal information to be collected, and further presents an option for the user to grant the permission; wherein the system collects the personal information from the user via the application component operating on the user device or enacts the intended use of the personal information, to be collected from the user via the application component of the user device, based on the user's response to the option.
 2. The system of claim 1, wherein the privacy component prohibits access to a feature of the system based on the user's response to the option.
 3. The system of claim 1, wherein user access to a feature of the system is contingent on the user granting the permission.
 4. The system of claim 1, wherein the personal information includes at least one of user location, user name, user address, user background information, user age, user gender, user household income, user family or marital status, or user transactional history.
 5. The system of claim 1, wherein the intended use of the personal information is one of analytics, market research, market segmentation, or disclosure to third parties.
 6. The system of claim 1, wherein the permission is based on at least one of a current location of the user, a previous location of the user, or a residential location of the user.
 7. The system of claim 1, wherein the application component operates on a mobile device of the user.
 8. The system of claim 1, wherein the intended use of the type of personal information is based on at least one of a privacy policy of the application, a law, or a regulation.
 9. The system of claim 1, wherein the permission is based on either the identification of the type of personal information to be collected or an intended use of the personal information to be collected.
 10. The system of claim 1, wherein the privacy component further presents an offer to access a feature of the system in exchange for the user granting the permission.
 11. The system of claim 10, wherein the feature of the system is a reduced number of commercial advertisements presented to the user by the application component.
 12. The system of claim 1, wherein the application component presents the type of personal information and the intended use to the user in a display matrix.
 13. The system of claim 12, wherein the display matrix is presented on a website or directly by the application component.
 14. A system for enabling a feature of a system, comprising: an application component operable by a user on a user device, wherein the application component identifies a personal information about the user to be collected; a permission component informationally coupled to the application component, wherein the permission component identifies a permission required from the user for a first intended use of the personal information by the system; and a privacy component informationally coupled to the permission component, wherein the privacy component presents a first offer to the user to enable the feature of the system in exchange for the user granting the permission required from the user for the first intended use of the personal information, wherein the system enables the feature of the system based on a response of the user to the first offer, and wherein the application component operating on the user device collects the personal information from the user.
 15. The system of claim 14, wherein the application is further configured to present to the user, simultaneously with the first offer, a second offer to enable the feature of the system in exchange for a payment from the user; and responsive to the user making the payment, enabling the feature of the system.
 16. The system of claim 14, wherein the personal information has a second intended use requiring a second permission from the user, wherein the privacy component further presents a second offer to the user to enable the feature of the system in exchange for the user granting the second permission, and wherein the feature is enabled by the user granting the second permission.
 17. The system of claim 14, wherein the permission component identifies a further permission required from the user for a second intended use of the personal information, wherein the privacy component presents a second offer to the user to enable a further feature of the system in exchange for the user granting the further permission for the second intended use, and wherein the system enables the further feature of the system based on a response of the user to the second offer.
 18. The system of claim 14, wherein the permission required is based at least in part on a privacy policy of the application, a law, or a regulation.
 19. The system of claim 14, wherein the first intended use of the personal information is one of analytics, market research, market segmentation, or disclosure to third parties.
 20. A system for controlling access to a personal information of a user of a software, the system comprising an application component operating on a user device executing the software, wherein the application component is configured to: identify and collect the personal information from the user and identify a proposed use of the personal information; receive a permission notice for the personal information to be used for the proposed use; display a notice of the personal information and the proposed use to the user; receive a response from the user regarding the permission notice; and grant or deny the user access to a function of the software.
 21. The method of claim 20, wherein the permission notice is received from and determined by a privacy component informationally coupled to the application component.
 22. A system for managing use of a personal information about a user, comprising: an electronic user device comprising: an application component operable by the user on the electronic device, wherein the application component identifies at least one of (i) a type of personal information to be collected or (ii) an intended use of the personal information to be collected, and wherein the application collects the personal information from the user; a permission component informationally coupled to the application component, wherein the permission component identifies a permission required from the user to (i) collect the personal information or (ii) enact the intended use of the personal information; and a privacy component informationally coupled to the permission component, wherein the privacy component presents a disclosure that includes at least one of (i) the type of personal information to be collected or (ii) the intended use of the personal information to be collected, and further presents an option for the user to grant the permission; one or more servers at one or more locations remote from the electronic device that are operable to set a privacy policy within the permission component; and one or more servers at one or more locations remote from the electronic device that are operable to receive personal information from the electronic device.
 23. The system of claim 22, wherein the privacy component prohibits access to a feature of the system based on the user's response to the option.
 24. The system of claim 22, wherein user access to a feature of the system is contingent on the user granting the permission.
 25. The system of claim 22, wherein the personal information includes at least one of user location, user name, user address, user background information, user age, user gender, user household income, user family or marital status, or user transactional history.
 26. The system of claim 22, wherein the intended use of the personal information is one of analytics, market research, market segmentation, or disclosure to third parties.
 27. The system of claim 22, wherein the permission is based on at least one of a current location of the user, a previous location of the user, or a residential location of the user.
 28. The system of claim 22, wherein the application component operates on a mobile device of the user.
 29. The system of claim 22, wherein the intended use of the type of personal information is based on at least one of a privacy policy of the application, a law, or a regulation.
 30. The system of claim 22, wherein the privacy component further presents an offer to access a feature of the system in exchange for the user granting the permission.
 31. The system of claim 30, wherein the feature of the system is a reduced number of commercial advertisements presented to the user by the application component.
 32. The system of claim 22, wherein the application component presents the type of personal information and the intended use to the user in a display matrix.
 33. The system of claim 32, wherein the display matrix is presented on a website or directly by the application component.
 34. A system for controlling access to a user's personal information comprising: an electronic device operable by a user and comprising a processor and application having a software component with an application programming interface (API), wherein the application, executing on the electronic device of a user, obtains personal information about the user of the application from the user, wherein the personal information is of a first type having a first use, and wherein the first use requires a first permission from the user based on a privacy policy, wherein the application is operable to generate a first offer based on the required first permission, and present a first offer to the user to grant the user access to a first function of the application in exchange for the user granting the first required permission; wherein the user is provided access to the first function of the application responsive to the user granting the first required permission; and wherein, after the user grants the first required permission, the application collects at least the user's first type of personal information; one or more servers at one or more locations remote from the electronic device that are operable to set the privacy policy within the application; and one or more servers at one or more locations remote from the electronic device that are operable to receive the user's personal information from the electronic device.
 35. The system of claim 34, wherein the first function of the application is functionally not available to at least one other user of the application.
 36. The system of claim 34, wherein the first function of the application is a reduced number of commercial advertisements presented to the user in the application.
 37. The system of claim 34, wherein the application is further configured to present to the user, simultaneously with the first offer, a second offer to provide access to the first function of the application in exchange for a payment from the user; and responsive to the user making the payment, provide the user with access to the first function of the application.
 38. The system of claim 34, wherein the personal information includes at least one of user location, user name, user address, user background information, user age, user gender, user household income, user family or marital status, or user transactional history.
 39. The system of claim 34, wherein the first use of the personal information is one of analytics, market research, market segmentation, or disclosure to third parties.
 40. The system of claim 34, wherein the personal information has a second use requiring a second permission from the user, and the application is further configured to perform the steps of: presenting a second offer to the user to grant the user access to a first function of the application in exchange for the user granting the first required permission; and accessing the second function of the application responsive to the user granting the second required permission.
 41. The system of claim 34, wherein the first permission is based on at least one of a current location of the user, a previous location of the user, or a residential location of the user.
 42. The system of claim 34, wherein the electronic device is a mobile device and the application is a mobile application.
 43. The system of claim 34, wherein the first use of the first type of information is based on at least one of a privacy policy of the application, a law, or a regulation.
 44. The system of claim 34, wherein the first use has a value, and the first offer is based at least in part on the value.
 45. The system of claim 44, wherein the value isdetermined with reference to at least one of the type of the personalinformation or a demographic information of the user.
 46. The electronicdevice of claim 34, wherein the application is configured to display thepersonal information about the user and the first use in a displaymatrix.
 47. The system of claim 46, wherein the display matrix ispresented on one of a website or the application.
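The following is an added illustration, not code from the patent or any product it describes, of the permission gating the claims above set out: a policy maps each (information type, intended use) pair to a required permission (claims 34 and 43), an offer is derived from the value of the use (claims 44 and 36), collection for a use is refused until its permission is granted, and a display matrix exposes type, use and permission status (claims 32 and 46). The policy table, permission names, values and feature names are constructed for the example.

```python
"""Toy model of the claimed permission/offer flow (constructed example)."""
from dataclasses import dataclass, field

# Privacy policy: (information type, intended use) -> permission that use requires.
# Constructed values; in claim 34 this policy is set by the remote servers.
POLICY = {
    ("location", "analytics"): "allow_location_analytics",
    ("location", "third_party_disclosure"): "allow_location_sharing",
    ("transactional_history", "market_segmentation"): "allow_segmentation",
}

# Assumed relative value of each use; the offer is derived from it (claim 44).
USE_VALUE = {"analytics": 1, "market_segmentation": 2, "third_party_disclosure": 3}


@dataclass
class PrivacyComponent:
    granted: set = field(default_factory=set)     # permissions the user has given
    collected: dict = field(default_factory=dict)  # data actually stored, per type

    def required_permission(self, info_type, use):
        return POLICY.get((info_type, use))

    def offer(self, info_type, use):
        """Offer for a (type, use) pair: which feature is unlocked, or None if
        no permission is needed or it was already granted."""
        perm = self.required_permission(info_type, use)
        if perm is None or perm in self.granted:
            return None
        # Higher-value uses buy the more attractive feature (fewer ads, claim 36);
        # the alternative payment offer of claim 37 is priced from the same value.
        feature = "fewer_ads" if USE_VALUE[use] >= 2 else "extra_feature"
        return {"permission": perm, "feature": feature, "alt_payment": USE_VALUE[use]}

    def grant(self, perm):
        self.granted.add(perm)

    def collect(self, info_type, use, value):
        """Store data for a use only after the permission that use requires
        has been granted; otherwise refuse and store nothing."""
        perm = self.required_permission(info_type, use)
        if perm is None or perm not in self.granted:
            return False
        self.collected.setdefault(info_type, []).append((use, value))
        return True

    def display_matrix(self):
        """Rows of (type, use, required permission, granted?) for the user."""
        return [(t, u, p, p in self.granted) for (t, u), p in sorted(POLICY.items())]
```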